ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Internet

Online business Toolkit

Morpheus denies security breach

James Pearce ZDNet Australia

Published: 06 Feb 2002 11:22 GMT

StreamCast Networks, the company that created Morpheus, has categorically denied there is a 'dangerous' hole in the software program.

The Morpheus peer-to-peer enabling application is well known as the basis for MusicCity, a file-sharing service that has sprung up in the vacuum created by the demise of Napster.

Rising to recent reports of an alleged security breach, StreamCast stated in an email to ZDNet Australia "there has never been a security breach in Morpheus since its introduction in April 2001".

In its defence, StreamCast claims that only Morpheus users are able to elect which files they want to share with the user network, and putting them into a shared folder renders them accessible to other Morpheus users.

"StreamCast reminds its users to be sure they are not sharing files they want to keep private or files that are copyrighted," the company said in a statement. The implication being that a security breach is merely the result of users making all their folders, and private information, accessible.

The rumours relating to the alleged security breach were first reported by BBC Online, and StreamCast says that the "anonymous" security consultants who reported the supposed flaw haven't contacted the Morpheus crew directly.

To further complicate matters, StreamCast claims several false postings have been made to Web sites about the alleged breach, supposedly on behalf of StreamCast and Morpheus. According to StreamCast, one such posting was purportedly made by Paul Sarsfield, who claimed to be a Morpheus employee.

"StreamCast does not employ any person by that name, nor have any StreamCast employees or company representatives posted any responses to this matter," the company said.

Sarsfield, a 15 year old who edits www.gamerspage.com, denies making the postings and has written a page denying the BBC report, under the title 'idiocy'.

"The way the Morpheus sharing works it is impossible to get into the root - or any directory really unless it is shared because it generates a DB [database] of shared files and bases the index upon that when it lists files," Sarsfield said in e-mail correspondence with ZDNet Australia.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.